security (xss_clean) the data in controller or model?
In your sample code, I see you call the xss_clean through the my_security helper in the models.
I have a controller which will take a string as the parameter value.
And this controller will load several models to handle this parameter value.
Where should I xss_clean on this parameter value? If I xss_clean it in the controller, I just need to call it once and then the xss_clean checked value will pass to the models and the models will not need to xss_clean it in each of them.
But in theory, some other controller would call these models too, and then due to these models are not xss_clean this parameter value, then it would be a problem.
So I think the good practice is calling xss_clean in models.
In my case, I know these models would only be called by this controller only. Should I still stick with the rule, call xss_clean in models? Or should I xss_clean in the controller?
Or should I call xss_clean both in controller or model?